Webcam spy program grabbed secret stills of millions of Yahoo users

A clandestine security program run by the UK’s surveillance agency GCHQ with the aid of the NSA captured and stored still images of millions of global webcam users, a new document leak suggests, part of a sweeping monitoring program that required no suspicion of guilt around those impacted. Optic Nerve – which in one six month period alone is said to have captured and stored more than 1.8m Yahoo accounts around the world – ran between 2008 and 2012 at least, grabbing a still every five minutes to create a privacy-intruding digital “mugshot” book security services could later use.

GCHQ and other agencies used content grabbed by Optic Nerve to test new automatic face-recognition software for its potential worth in tracking existing targets as they communicated online, The Guardian reports, in addition to finding new potential suspects. By relying on video rather than text chat, so the theory went, identification could be made even if multiple Yahoo user accounts were used.

“Face detection has the potential to aid selection of useful images for ‘mugshots’ or even for face recognition by assessing the angle of the face … The best images are ones where the person is facing the camera with their face upright” GCHQ Optic Nerve document

Access to the information gathered within the agency is said to have been limited to bulk searches of metadata for the most part. However, GCHQ analysts picking out a target would then be shown others with similar usernames – even if there was no other connection – while trials of automatic recognition were also underway.

Much of the captured content featured people using webcams for adult purposes, the security agency discovered, though that fact did not stop it from gathering the images. “Undesirable nudity” was a feature in as much as 11-percent of the shots, GCHQ estimated, eventually using face-identification software to automatically exclude any shots where only anonymous body parts were on show.

Other documentation indicated the Kinect camera for Xbox 360 was also being assessed as a potential data collection tool.

Although the NSA assisted in some of the setup of Optic Nerve, it’s unclear at this stage how much access the US agency had to the data that was collected. Metadata could have been shared, though not the image database itself.

GCHQ insists that Optic Nerve was fully legal, and operated within the scope of its authority in the UK. The NSA declined to comment on the possibility of similar schemes running in the US.

As for Yahoo, it claims to have been unaware of Optic Nerve, and says it has been working to “expand encryption” for its services.

“We were not aware of, nor would we condone, this reported activity. This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable, and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December” Yahoo statement

Earlier this week leaks suggested four different possibilities for NSA phone metadata surveillance reform that the White House was considering, including giving responsibility for managing a tracking database to phone operators like AT&T and Verizon themselves.